Genuine Windows Blog : Windows Vista

Windows Activation Technologies: Activation and Validation in Windows 7

alexkoc — Thu, 07 May 2009 20:50:00 GMT

Earlier today we posted on Microsoft's Press Pass site an interview with our group's General Manager, Joe Williams. In the interview he discusses our approach to anti-piracy in Windows 7. The full details can be found here; but basically the interview covered the following points.

The Windows 7 activation experience will be familiar to users of Windows Vista SP1

The Windows 7 activation experience is based on that of Windows Vista SP1 and should appear familiar to users of Windows Vista SP1. This includes the notifications that alert customers if they need to activate their copy of Windows and helps them with issues that may occur -- including the possibility that they might be a victim of software piracy.

Windows 7 includes an updated notifications experience for product activation

We heard feedback from customers that while the notifications that appeared in Windows Vista were effective at helping alert customers, there might be more we could do and say that would be helpful. So for Windows 7 our goal was to do a better job of helping customers make decisions with confidence about which action to take. In Windows 7, we're being more descriptive about what Windows is actually doing and providing more information about what, if any, actions the user should take as a result.

In the Windows 7 timeframe, one of our goals is to improve support for deployment and activation in the enterprise and other large organizations

We also heard from enterprise customers that there were some scenarios where our activation tools could be improved, to help ease the burden on IT departments. So we've added to some of the existing tools for IT professionals and made them easier to access to better support those who need to manage Windows activations at an organizational level. One example is the new support for activation in virtualization scenarios where KMS now counts virtual clients. This is important for customers who have fully virtualized environments or customers who have dev/test environments where virtual clients are used heavily.

Other changes

Though not a core part of the Windows 7 product experience, one of the changes we are making to our anti-piracy efforts is to better distinguish between the generations of technology we're deploying. As many of you know, our online validation program, known as Windows Genuine Advantage, is a program designed for use with Windows XP. It was also designed to be added to the existing product activation technology that began shipping broadly with the versions of Windows XP that were already in the market. The addition of WGA to the anti-piracy technology used to protect Windows XP was key in that it enabled us to be much more agile in our response to techniques used by counterfeiters and pirates. As a result of the success of WGA, we built validation technology into Windows Vista from the beginning. These components were new and were built for use in Windows Vista. The same components, though tuned up a bit, form the basis of our activation and validation technology in Windows 7. To better reflect this latest generation of technology we will refer to the activation and validation components in Windows Vista and Windows 7 by a new name, Windows Activation Technologies.

In this latest generation of the technology activation and validation work together to protect Windows from being compromised or tampered with for the purpose of working around product activation. The notifications experience and the steps required to resolve issues are largely similar between Windows Vista and Windows 7 though we have made a number of improvements. In most cases a customer simply needs activate Windows with a genuine product key to resolve issues.

One of our design goals in this generation of the technology is to enable Windows to get smarter over time so we added the ability to receive new information that Windows can use to detect and protect against the latest activation exploits, tampering or other attempts to circumvent product activation.

We've also added to the online service that supports activation and validation on the Microsoft side with extensive systems monitoring, geo-redundancy and a focus on accuracy.

Overall, Windows 7 represents the latest technology in the tools and methods Microsoft has developed fight software piracy. As we look ahead, we know there will be new exploits that pirates will try once Windows 7 ships. In fact, we've already begun to see evidence of these efforts; our customers and partners have our pledge that as long as pirates keep trying to exploit Windows for their own ends, we'll be working to beat them through the technologies we develop and the programs we run to protect our customers, partners and Microsoft's intellectual property.

To see some of the changes between Windows Vista and Windows 7 take a look back at my post here about the notifications experience from the Windows 7 Beta, I don't expect much to change between that and our final release.

Wall Street Journal article on counterfeiting

alexkoc — Sat, 14 Apr 2007 22:36:00 GMT

Saw an article in the Wall Street Journal today (requires login to read the whole article) that touched on how broad the counterfeiting problem is and how a number of US companies are working with the US Chamber of Commerce to educate officials in other countries about the issue. I think many people don't realize the significant losses in tax revenue and jobs due to counterfeiting and how it impacts the ability of countries to benefit from producing their own intellectual property. The reason there aren't stronger locally based software businesses or other IP based businesses in some countries isn't necessarily because they don't have skilled engineers it's because they don't have as strong observation of intellectual property as exists in more developed countries. Lack of respect or observation of IP laws leads businesses to be wary of investments in some countries and makes getting a locally based business off the ground very difficult.

While the article is a good summary what I found most cool about it was that they not only included a quote from a friend and colleague, Cori Hartje, but they included a picture she took of counterfeit products she saw for sale at a market in Brazil. Cori also told me that while one of the vendors there did have Windows Vista for sale they warned her that it wouldn't work for very long because of what Microsoft is doing to stop piracy of the product. Great to see that the word is getting out!

'Brute' Force Attack on Windows Vista now 'Moot' Force Attack

alexkoc — Tue, 06 Mar 2007 06:06:00 GMT

Over the weekend we learned that the widely covered 'Vista Brute Force Keygen' turned out to be a hoax. It's nice that the originator has come forward and is encouraging everyone to buy and use genuine copies of Windows Vista.

As you can imagine we receive reports of hacks every week. Many turn out to be ineffective, but to determine that we review and investigate every report. One of the first questions we ask ourselves with each reported hack is 'does this represent a real risk to our customers?' As we learned with XP, counterfeit software can be quite risky to obtain and run.

The next question we ask is ‘can this be commercialized'? Some hacks are highly technical to implement and can require significant engineering on the part of the end user. These are obviously interesting to us and we do spend time looking closely at them. At the same time it's possible for a hack to be scaled and used by organized rings of counterfeit software traffickers to profit by exploiting innocent victims. Our priority is in evaluating against scalability and risk to our customers and working to help customers that might have been victimized.

I would also like to point out that people seem to get pretty excited at any reported possible hack. And while it's always fun to have the attention, having worked on these issues for several years I've learned that it can take a while to learn how real a reported hack is...or not (e.g. the ~~Brute~~ Moot Force attack).

Brute force attack on Windows Vista product keys?

alexkoc — Fri, 02 Mar 2007 22:16:00 GMT

This morning as I was checking my feeds while standing in line waiting for coffee I saw a few headlines about a reported brute force attack on product keys for Windows Vista. The attack randomly searches for legit keys. This is called a brute force attack because there really isn't much intelligence involved and the goal is to just randomly cycle through key after key after key until a legit one is found. One report indicates that the script written to perform this attack goes through about a thousand keys every half an hour; frankly, that's a pretty slow brute force attack.

In one of the forums I was scanning this morning, there was a question brought up: assuming the attack were successful (and this hasn't been confirmed yet), what would happen if a key that was hit upon was also the same key in use by a legitimate customer? Really, this would boil down to a customer service issue and we would work to make sure that our customers are taken care of. Having said this personally I think it's unlikely that this would happen as our product activation servers perform a more rigorous analysis of the keys that are sent up for activation than the local key logic does. For this reason producing keys that will ultimately activate is less likely than just hitting upon one that will pass the local logic. But if anyone does hear of a report of a legit customer being refused a product activation on a genuine key please let us know.

We're looking more deeply into this issue now and I'll post more info soon.

Windows Vista Tamper Detection and misbehaving apps

alexkoc — Thu, 01 Mar 2007 21:47:00 GMT

We've seen reports indicating that customers are being prompted to activate Windows Vista on computers on which activation had not been previously required. This problem can occur because a specific system setting is deleted when a program runs with administrative credentials. The removal of this setting may cause a BIOS validation check to fail; the BIOS validation check is part of the system activation process for PCs from major manufacturers. This behavior causes a regular genuine validation check that occurs at boot time to fail. Therefore, the customer may be prompted to activate Windows Vista, even though the system did not previously require activation. We've heard of a few programs that cause this problem, including nProtect GameGuard, Trend Micro Internet Security, PC-Cillin Anti-Virus and PC Tools Spyware Doctor.

In late January, when this issue was discovered a fix was published and sent out via Windows Update. This has solved many of the issues customers were experiencing. If you missed the WU fix, you can download it here: http://support.microsoft.com/kb/931573. This is addressing a lot of the issues customers are having, however, we realize there are a few programs that are not covered with this fix and our team is working to handle these as soon as possible.

This issue highlights the importance of the new tamper detection technology enabled by the Software Protection Platform in Windows Vista. When evidence of system tampering is detected the system will go into a non-genuine or tampered state depending on the tamper. Also, depending on the severity of tampering the remedies for it can range from a simple reboot all the way to a complete re-install. In this particular case, the programs in question delete a specific system setting that triggers the tamper detection. This can be fixed by visiting the KB article above and following the steps. In some cases this type of tamper could also be caused by deliberate tampering with core system components. While the current examples are unintentional and we've provided fixes, it is important to have these checks built into the system because it helps to ensure the integrity of the Windows system in turn protecting our customers and our IP.

Pirated Windows Vista may be worth-LESS

alexkoc — Wed, 07 Feb 2007 19:30:00 GMT

I saw an article in the LA Times this morning reporting that counterfeit copies of Windows Vista are being seen in big cities in Latin America such as Mexico City and Sao Paulo and for very cheap. While we're not terribly surprised at this, nor would I expect many readers of this blog to be surprised, I did hear an interesting tid-bit from a friend about the current price of a counterfeit copy of Windows Vista. A colleague and friend of mine was travelling in Brazil recently and during her trip she took a few minutes to see what software was easily available on the streets of Sao Paulo. While Windows Vista was among the counterfeits available it was cheaper (about $5 vs $10 for other software titles) because the vendor said it 'might expire'. While learning that a counterfeit copy of your product is suddenly cheaper than before might not obviously be a good thing in this case I think it is. The fact that the value of a counterfeit copy is dropping is a sign that the product is harder to counterfeit (if it were easier to hack there should have been a non-expiring version available) and while other common applications that are less difficult to hack (and so have at least the similar basic distribution costs) still cost more is a sign that the product in its counterfeit state is truly worth-less.

Report of a new hack - and one of my favorite websites stumbles

alexkoc — Wed, 03 Jan 2007 01:25:00 GMT

For me the report of this latest hack was a double whammy. First it's no fun to read a report of a new attempt to hack Microsoft's products, but secondly the tone of coverage of this hack on one of my favorite sites left me very disappointed.

First the hack. Known as the 'timer crack' or '2099 crack' this hack basically resets the pre-activation grace period to be in effect through 2099. Implementing this hack requires the user to implement a 23-step process that involves modifying/replacing kernel level files, making manual registry edits and other serious changes that could have destabilizing consequences. Our team is actively reviewing the reports of this workaround now, and I expect we'll take corrective action soon.

I ran across the first report of the hack on one of my favorite websites, Engadget, which I read daily as a feed on my live.com page. What disappointed me so much about the post that announced this hack wasn't that they discussed the hack, because I do think it's newsworthy. What really disappointed me was the tone of the Engadget poster. The poster seems to endorse the practice of trying to hack Windows Vista to enable unlicensed use. The beginning of the post says "we've already found a way to circumvent Redmond's most valiant efforts to make us activate the darned software" and the end concludes with "So if you're looking to hit up a new OS in the coming weeks, or you've already got 'er up and running, be sure to peep the read link if you're interested in pulling this off". I don't know how to interpret that except as a blatant endorsement of theft, by whoever "we" is. I can't imagine reading another post on Engadget using language like that to encourage people to try to get their hands on any of the recently-stolen truck load of RAM or any other of the thousands of products they have featured on their site. The Engadget editorial policy says "If we get something wrong, we correct the error immediately." I'd ask, is it wrong to advocate theft?

Windows Vista 'Frankenbuilds' spotted in the wild

alexkoc — Tue, 21 Nov 2006 02:09:00 GMT

Last week saw a reported leak of an RTM build of Windows Vista. The reports I read indicated that there was an RTM build to download from a P2P network or via Bittorrent and instructions for 'hacking' by cobbing together a couple of files that were released with Windows Vista RC1 and using an RC1 or RC2 product key. Thus in our hallway this version has is being referred to as a Franken(stein)-build of Windows Vista.

As most of the coverage I have seen notes, since the product keys being used with these builds were meant to be used with RC1 builds and were not intended for long term use ultimately these installations will be of limited value. If anything this event shows the demand for the improvements that Windows Vista offers.

Question: does this mean Windows Vista is cool?